Managing Device Allocation (Tasks)

Device allocation restricts or prevents access to peripheral devices. Restrictions are enforced at
user allocation time. By default, users must have authorization to access allocatable devices.

Managing Device Allocation (Task Map)

The following task map points to procedures that enable and configure device allocation.
Device allocation is not enabled by default. After device allocation is enabled, see
Allocating Devices (Tasks) for instructions on allocating devices.

How to Authorize Users to Allocate a Device

Create a rights profile that contains the appropriate authorization and commands.

Typically, you would create a rights profile that includes the solaris.device.allocate authorization. Follow the
instructions in How to Create or Change a Rights Profile. Give the rights profile appropriate properties, such as the following:

Rights profile name: Device Allocation

Granted authorizations: solaris.device.allocate

Commands with security attributes: In the exec_attr database, mount with the sys_mount privilege, and umount with the sys_mount privilege

If the list_devices command returns an error message similar to the following,
then either device allocation is not enabled, or you do not have sufficient
permissions to retrieve the information.

list_devices: No device maps file entry for specified device.

For the command to succeed, enable device allocation and assume a role with
the solaris.device.revoke authorization.

Forcibly Allocating a Device

Forcible allocation is used when someone has forgotten to deallocate a device. Forcible
allocation can also be used when a user has an immediate need for
a device.

Before You Begin

You must be assigned the solaris.device.revoke authorization.

Determine if you have the appropriate authorizations in your role.

$ auths
solaris.device.allocate solaris.device.revoke

Forcibly allocate the device to the user who needs the device.

In this example, the tape drive is forcibly allocated to the user
jdoe.

$ allocate -U jdoe

Forcibly Deallocating a Device

Devices that a user has allocated are not automatically deallocated when the process
terminates or when the user logs out. Forcible deallocation is used when a
user has forgotten to deallocate a device.

Before You Begin

You must be assigned the solaris.device.revoke authorization.

Determine if you have the appropriate authorizations in your role.

$ auths
solaris.device.allocate solaris.device.revoke

Forcibly deallocate the device.

In this example, the printer is forcibly deallocated. The printer is now available
for allocation by another user.
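
The authorization check that opens both forcible procedures can be scripted before the command is attempted. The following is an added example, not part of the original documentation: has_auth is a hypothetical helper, the sample auths strings are constructed, and it assumes that auths output is space- or comma-separated and that an entry ending in .* grants every authorization under that prefix.

```shell
#!/bin/sh
# Added example: pre-flight check for the solaris.device.revoke authorization.
#
# has_auth NEEDED "AUTHS_OUTPUT"
#   Exit status 0 if NEEDED is granted by AUTHS_OUTPUT, either by an exact
#   entry or by a wildcard entry such as solaris.device.* or solaris.*.
#   The body runs in a subshell so that "set -f" (which stops the shell from
#   expanding "*" against file names) does not leak into the caller.
has_auth() (
    set -f
    needed=$1
    # Normalise comma-separated output to whitespace, then split into words.
    for granted in $(printf '%s' "$2" | tr ',' ' '); do
        case $granted in
            "$needed")
                exit 0 ;;
            *.\*)
                prefix=${granted%\*}   # "solaris.device.*" -> "solaris.device."
                case $needed in
                    "$prefix"*) exit 0 ;;
                esac
                ;;
        esac
    done
    exit 1
)

# Constructed sample values, not captured from a real system.
SAMPLE_ROLE='solaris.device.allocate solaris.device.revoke'
SAMPLE_USER='solaris.device.allocate,solaris.jobs.user'
SAMPLE_WILD='solaris.device.*'

for sample in "$SAMPLE_ROLE" "$SAMPLE_USER" "$SAMPLE_WILD"; do
    if has_auth solaris.device.revoke "$sample"; then
        echo "revoke granted by:     $sample"
    else
        echo "revoke NOT granted by: $sample"
    fi
done
```

On a system with device allocation enabled, the same function can gate an administrative script by passing it the live output: has_auth solaris.device.revoke "$(auths)".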